Time series processing-based malicious activity detection in SCADA systems

Michael Zaslavski; Meir Kalech

doi:10.1016/j.iot.2024.101355

Time series processing-based malicious activity detection in SCADA systems

Michael Zaslavski, Meir Kalech

Department of Software and Information Systems Engineering

Ben-Gurion University of the Negev

Research output: Contribution to journal › Article › peer-review

Abstract

Many critical infrastructures, essential to modern life, such as oil and gas pipeline control and electricity distribution, are managed by SCADA systems. In the contemporary landscape, these systems are interconnected to the internet, rendering them vulnerable to numerous cyber-attacks. Consequently, ensuring SCADA security has become a crucial area of research. This paper focuses on detecting attacks that manipulate the timing of commands within the system, while maintaining their original order and content. To address this challenge, we propose several machine-learning-based methods. The first approach relies on Long-Short-Term Memory model, and the second utilizes Hierarchical Temporal Memory model, both renowned for their effectiveness in detecting patterns in time-series data. We rigorously evaluate our methods using a real-life SCADA system dataset and show that they outperform previous techniques designed to combat such attacks.

Original language	American English
Article number	101355
Journal	Internet of Things (Netherlands)
Volume	28
DOIs	https://doi.org/10.1016/j.iot.2024.101355
State	Published - 1 Dec 2024

Keywords

Anomaly detection
Intrusion detection
SCADA
Time-series

All Science Journal Classification (ASJC) codes

Software
Computer Science (miscellaneous)
Information Systems
Engineering (miscellaneous)
Hardware and Architecture
Computer Science Applications
Artificial Intelligence
Management of Technology and Innovation

Access to Document

10.1016/j.iot.2024.101355

Cite this

@article{0cd2ca9042ea48a8b8aacd5c23549026,

title = "Time series processing-based malicious activity detection in SCADA systems",

abstract = "Many critical infrastructures, essential to modern life, such as oil and gas pipeline control and electricity distribution, are managed by SCADA systems. In the contemporary landscape, these systems are interconnected to the internet, rendering them vulnerable to numerous cyber-attacks. Consequently, ensuring SCADA security has become a crucial area of research. This paper focuses on detecting attacks that manipulate the timing of commands within the system, while maintaining their original order and content. To address this challenge, we propose several machine-learning-based methods. The first approach relies on Long-Short-Term Memory model, and the second utilizes Hierarchical Temporal Memory model, both renowned for their effectiveness in detecting patterns in time-series data. We rigorously evaluate our methods using a real-life SCADA system dataset and show that they outperform previous techniques designed to combat such attacks.",

keywords = "Anomaly detection, Intrusion detection, SCADA, Time-series",

author = "Michael Zaslavski and Meir Kalech",

note = "Publisher Copyright: {\textcopyright} 2024 Elsevier B.V.",

year = "2024",

month = dec,

day = "1",

doi = "10.1016/j.iot.2024.101355",

language = "American English",

volume = "28",

journal = "Internet of Things (Netherlands)",

issn = "2542-6605",

publisher = "Elsevier B.V.",

}

TY - JOUR

T1 - Time series processing-based malicious activity detection in SCADA systems

AU - Zaslavski, Michael

AU - Kalech, Meir

PY - 2024/12/1

Y1 - 2024/12/1

N2 - Many critical infrastructures, essential to modern life, such as oil and gas pipeline control and electricity distribution, are managed by SCADA systems. In the contemporary landscape, these systems are interconnected to the internet, rendering them vulnerable to numerous cyber-attacks. Consequently, ensuring SCADA security has become a crucial area of research. This paper focuses on detecting attacks that manipulate the timing of commands within the system, while maintaining their original order and content. To address this challenge, we propose several machine-learning-based methods. The first approach relies on Long-Short-Term Memory model, and the second utilizes Hierarchical Temporal Memory model, both renowned for their effectiveness in detecting patterns in time-series data. We rigorously evaluate our methods using a real-life SCADA system dataset and show that they outperform previous techniques designed to combat such attacks.

AB - Many critical infrastructures, essential to modern life, such as oil and gas pipeline control and electricity distribution, are managed by SCADA systems. In the contemporary landscape, these systems are interconnected to the internet, rendering them vulnerable to numerous cyber-attacks. Consequently, ensuring SCADA security has become a crucial area of research. This paper focuses on detecting attacks that manipulate the timing of commands within the system, while maintaining their original order and content. To address this challenge, we propose several machine-learning-based methods. The first approach relies on Long-Short-Term Memory model, and the second utilizes Hierarchical Temporal Memory model, both renowned for their effectiveness in detecting patterns in time-series data. We rigorously evaluate our methods using a real-life SCADA system dataset and show that they outperform previous techniques designed to combat such attacks.

KW - Anomaly detection

KW - Intrusion detection

KW - SCADA

KW - Time-series

UR - http://www.scopus.com/inward/record.url?scp=85203124291&partnerID=8YFLogxK

U2 - 10.1016/j.iot.2024.101355

DO - 10.1016/j.iot.2024.101355

M3 - Article

SN - 2542-6605

VL - 28

JO - Internet of Things (Netherlands)

JF - Internet of Things (Netherlands)

M1 - 101355

ER -

Time series processing-based malicious activity detection in SCADA systems

Abstract

Keywords

All Science Journal Classification (ASJC) codes

Access to Document

Other files and links

Fingerprint

Cite this